Age | Commit message | Author | |
---|---|---|---|
2012-08-08 | libs/web: rework luci.sauth | Jo-Philipp Wich | |
- perform decoding/encoding transparently in read() and write() - remove decode() and encode() helpers - introduce reap() to kill expired sessions | |||
2012-08-07 | Rework authentication system | Jo-Philipp Wich | |
The validity of authentication tokens was determined by the mtime of respective authentication tokens on filesystem stored in $sessionpath. Talking about hardware without RTC or without a prior connection to a time server, date/time is usually around 1970 - so is the mtime of the authentication token file in $sessionpath. When now configuring an internet connection via LuCI, the system might fetch the current date/time (e.g. via ntp) which invalidates the token, returns "403 Forbidden" and kicks the user out of the interface. This patch changes the authentication system to use time values based on the uptime of the machine - rather than values based upon gettimeofday() and {a|m}time values - and save them inside the token. That way one can always determine the difference between login (last interaction respectively) and the current time, independent of the system clock jumping backwards/forwards. Warning: This patch removes the clean() function and respective calls. This means, invalid tokens will NOT be determined and removed from filesystem automatically anymore. Before, every HTTP-call caused a scan for invalid tokens, which is quite expensive. Instead consider using a cron job deleting all stalled files periodically. Contributed by T-Labs, Deutsche Telekom Innovation Laboratories Signed-off-by: Mirko Vogt <mirko@openwrt.org> | |||
2009-07-31 | Typo | Steven Barth | |
2009-07-31 | Fix cookie logout | Steven Barth | |
2009-07-19 | convert luci.fs users to nixio.fs api | Jo-Philipp Wich | |
2009-06-21 | Drop support for luaposix and bitlib (obsoleted by nixio) | Steven Barth | |
Mark luci.fs as deprecated | |||
2008-12-14 | Added luci.sauth.kill, sanitize luci.sauth even more | Steven Barth | |
2008-09-05 | Improve sanity check for luci.sauth.read | Steven Barth | |
2008-09-05 | Fixed some minor session handling issues | Steven Barth | |
2008-09-01 | libs/web: Added several sanity checks to avoid local privilege escalation | Steven Barth | |
2008-08-11 | Fixed last commit | Steven Barth | |
2008-08-11 | libs/web: Even more sanity checks | Steven Barth | |
2008-08-11 | libs/web: Add additional sanity checks to session mechanism | Steven Barth | |
2008-07-29 | libs/web: Small improvements, added inline documentation | Steven Barth | |
2008-07-26 | libs: Fixed serialization stuff | Steven Barth | |
2008-06-28 | * libs/web: Switched from HTTP-Basic-Auth to Session-Auth | Steven Barth | |
* Updated Makefiles for better testing environment integration * Fixed libs/sgi-luci | |||
2008-06-27 | * libs/web: Prepare session authentication | Steven Barth | |